In regards to Terraform state file, select all the statements below which are correct: (select four)
A . storing state remotely can provide better security
B . the Terraform state can contain sensitive data, therefore the state file should be protected from unauthorized access
C . Terraform Cloud always encrypts state at rest
D . using the mask feature, you can instruct Terraform to mask sensitive data in the state file
E . when using local state, the state file is stored in plain-text
F . the state file is always encrypted at rest
Answer: A,B,C,E
Explanation:
Terraform state can contain sensitive data, depending on the resources in use and your definition of "sensitive." The state contains resource IDs and all resource attributes. For resources such as databases, this may contain initial passwords. When using local state, state is stored in plain-text JSON files.
If you manage any sensitive data with Terraform (like database passwords, user passwords, or private keys), treat the state itself as sensitive data.
Storing Terraform state remotely can provide better security. As of Terraform 0.9, Terraform does not persist state to the local disk when remote state is in use, and some backends can be configured to encrypt the state data at rest.
Leave a Reply